Hmmm. How can you effectively make a policy for what ports
to block or pass?
It seems to me that this is a bad idea. Today with what seems to
be "the crawling horror of the week" in the Windows world, what
you do today might not be good tomorrow. Because of this I
can't see making a policy as a good thing. You need to be able
to turn on a dime when it comes to security matters. Having a
committee make that kind of decision just feels dangerous. A
policy on the more general concept of security and what you're
trying to accomplish does make sense to me, but the gritty
details are best left dynamic.

In my experience passwords are a really hard thing to deal with.
Make drastic pw policies and you get people pasting them on
Post It notes on their monitors. A really strange password that
is changed once a year or two is a better password than something
as simple as the user can get away with, it seems to me. Getting
them to make good passwords is an interesting challenge.

On Wednesday 17 March 2004 04:09 pm, Willson, Jim wrote:
> No, I'm referring to what our "security policy" is for the college. For
> example, password expirations and length, what ports will/won't be
> allowed through, etc.
> -----Original Message-----
> From: MSU Network Administrators Group [mailto:[log in to unmask]] On
> Behalf Of STeve Andre'
> Sent: Wednesday, March 17, 2004 3:57 PM
> To: [log in to unmask]
> Subject: Re: [MSUNAG] Security Policy
> Perhaps I'm just being dumb again, but can you explain what you mean by
> having the policy approved by your governing board, i.e. the policy of
> having a firewall, or what it does?
> Thanks, STeve Andre'
> On Wednesday 17 March 2004 03:54 pm, Willson, Jim wrote:
> > Fellow network administrators:
> > We are in the process of planning and implementing a firewall at our
> > college. An important first step is to write a supporting policy for
> > such a system, and then have it approved by our college's governing
> > board.
> > As there are other units out there that are also working on
> > implementing firewalls and other security measures, I would like to
> > take this opportunity to collaborate with those of you interested in
> > developing policies like this to help protect and secure our networks.
> > Does anyone out there already have a security policy in place that
> > addresses these issues? Would you be willing to share it with me
> > and/or the group?
> > Is anyone interested in collaborating in the writing of a network
> > security policy for use at the college/unit level?
> > Thanks,
> > Jim Willson
> > Information Technology Services
> > Broad College of Business
> > Michigan State University
> > http://www.bus.msu.edu/its/